Security and Scalability Are Always Critical

Part one of this series on “Simple Network Management Protocol” (SNMP) looked back at the standard’s origins, explained what “simple” means in this context (hint: it doesn’t mean no complexity!), and why data structure predictability is so powerful.

In part two, we’ll look at the security and scalability benefits this protocol still delivers.

The “S” Could Stand for “Secure”

SNMP transports messages using the User Datagram Protocol (UDP). Unlike the alternative, Transmission Control Protocol (TCP), UDP doesn't require a connection to the receiver's network to deliver the data packet. Network packets are simply sent to a destination without establishing any connection with the receiving network. The connectionless UDP protocol works more like the United States Post Office: a sender puts information in the envelope, addresses it, and the USPS drops the packet in the receiver's mailbox. The receiver doesn’t need to be home, open the door, or let the deliverer in.

On the other hand, the connection-oriented TCP protocol works as if the sender put the content in an envelope, drove to a house, knocked on the door, came inside, showed their credentials, then handed the receiver the letter and confirmed they understood it.

The security risks are easy to see here. How can you be certain the sender is who you think it is? How do you know it’s not Tom Cruise in a Mission Impossible mask or a Terminator impersonating someone you know? Ensuring safety in this scenario requires a level of authentication that you can simply avoid by never opening the door. In other words, allowing outsiders access to your network opens the door to risk.

In addition, SNMPv3 can include encryption on the contents of the envelope.

Non-UDP protocols rely on the authentication of the sender and receiver to ensure the information is delivered to the right place, but the data itself is not protected. SNMPv3 can provide connectionless delivery with data encryption on the contents, making both the delivery and the data more secure.
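
SNMPv3 encrypts the payload only when a message is sent at the authPriv security level, and the level in use is visible in the unencrypted message header (the msgFlags octet defined in RFC 3412). The following added example, which is not code from the original article or from OpenNMS, reads that header from a raw datagram so a monitoring team can confirm which devices actually encrypt; the function names and sample datagrams are constructed for illustration.

```python
# Added example: classify the protection of an SNMP datagram from its BER header.
def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER element")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count the length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def security_level(datagram):
    tag, body, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not a BER SEQUENCE")
    tag, raw_version, pos = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("missing version INTEGER")
    version = int.from_bytes(raw_version, "big")
    if version in (0, 1):                   # v1 / v2c: community string, no encryption
        return ("SNMPv1", "SNMPv2c")[version] + " community (cleartext)"
    if version != 3:
        raise ValueError("unknown SNMP version")
    tag, header, _ = read_tlv(body, pos)    # msgGlobalData (HeaderData)
    hpos = 0
    for _ in range(2):                      # skip msgID and msgMaxSize
        _, _, hpos = read_tlv(header, hpos)
    tag, flags, _ = read_tlv(header, hpos)  # msgFlags: OCTET STRING of size 1
    if tag != 0x04 or len(flags) != 1:
        raise ValueError("malformed msgFlags")
    auth, priv = flags[0] & 0x01, flags[0] & 0x02
    if priv and not auth:                   # combination is not permitted
        raise ValueError("invalid msgFlags: priv without auth")
    return "SNMPv3 " + ("authPriv" if priv else "authNoPriv" if auth else "noAuthNoPriv")

# Constructed sample datagrams: real header layout, empty placeholder bodies.
def tlv(tag, value):
    return bytes([tag, len(value)]) + value  # short-form length, values under 128 bytes

def sample_v3(flags):
    header = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x02, b"\x05\xc0")
                 + tlv(0x04, bytes([flags])) + tlv(0x02, b"\x03"))
    return tlv(0x30, tlv(0x02, b"\x03") + header + tlv(0x04, b"") + tlv(0x04, b""))

SAMPLE_V2C = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, b"example") + tlv(0xA0, b""))
```

Only a result of "SNMPv3 authPriv" means the contents of the envelope are encrypted; authNoPriv messages are authenticated but readable in transit.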

Standard and Asynchronous Enable Scalability

Two SNMP features we discussed earlier also make the protocol more scalable: its consistent, standard data structure and its connectionless transfer format.

Getting started with a non-standard protocol may be easy and fast, but scaling and maintaining it becomes harder and harder. The other protocols available today don't follow a universal standard, so they’re very unsophisticated and difficult to scale. Prometheus, for example, uses a fairly specified JSON encoding format for its own purposes, but that structure isn't defined anywhere, so you could basically send anything, and the receiver will have to do all the work on their side to unravel and understand the information.

The connectionless UDP communication model also supports scalability by enabling asynchronous delivery. In a connection-style protocol like TCP, the sender and receiver exchange communication parameters, and then a session is opened in each network and firewall and maintained until the conversation is concluded. This means that the sender asks for something and then waits for a response, asks for something else and waits again, and so on. Keeping multiple connections open ties up network and receiver resources and time. One company could be maintaining 300,000 or 400,000 open connections at any one time. That’s a massive overhead on the network.

In an asynchronous format like UDP, the firewalls and the routers just send the packet and forget about it. When the other side gets it and needs to send a response, it just sends the response. The firewalls and networks aren’t maintaining sessions; no one is waiting. Network overhead is eliminated because SNMP and UDP (and OpenNMS) are not connection-oriented and are asynchronous in nature.

Conclusion

We hope you’ve found this review of the SNMP standard enlightening. This sometimes taken-for-granted protocol still has much to offer for today's network monitoring challenges. While bandwidth may be bountiful now, it never hurts to leverage lightweight solutions like SNMP to avoid ever worrying about consumption. Its highly structured format lets network monitoring tools know exactly what to expect. That and its connectionless communication format support security and scalability.

That's a ton of SNMP network monitoring value in one very small packet.

Learn more

We hope this series has raised your interest in learning more about utilizing flows and SNMP in your monitoring.

Please check out our Webinar: Flows & SNMP Explained

Marshall Massengill, OpenNMS Principal Solutions Delivery Architect, demos how you can collect, understand, and visualize SNMP flows with OpenNMS Meridian.